Commit Graph

24778 Commits

Author SHA1 Message Date
Jenkins for ownCloud 33d197db29 [tx-robot] updated from transifex 2015-04-24 01:55:15 -04:00
Lukas Reschke 6fed28271b Merge pull request #15846 from owncloud/fix-missing-loading-indicator
Add missing loading indicator for enabled apps
2015-04-23 23:30:09 +02:00
blizzz 61c6d64125 Merge pull request #15826 from owncloud/issue-15804-occ-user-delete-exception
Issue 15804 occ user delete exception
2015-04-23 22:58:24 +02:00
Morris Jobke f4bc852db3 Show hint if there is no delete permission
* add class .no-permission which shows the default delete icon
* fixes #15172
* add unit test for no permission and for delete permission
2015-04-23 21:49:59 +02:00
Morris Jobke 62bac7de91 Add missing loading indicator for enabled apps
* happened when an app gets activated, because the
  new appended HTML doesn't contain the loading
  image
* fixes #15806
2015-04-23 21:40:51 +02:00
Olivier Paroz 0729fc2fbc Remove overflow+watermark 2015-04-23 18:19:34 +02:00
Olivier Paroz 58a87d0bab Use authorization headers for better compatibility
+ add ellipsis
+ fix OC.generateUrl calls
2015-04-23 18:19:29 +02:00
Olivier Paroz a968877a8b An idea to suggest that this is just a sample of the full text 2015-04-23 18:19:21 +02:00
Olivier Paroz 530c290555 Use webDAV to have access to HTTP byte ranges 2015-04-23 18:19:17 +02:00
Olivier Paroz e113d67430 Cache the token value 2015-04-23 18:19:12 +02:00
Olivier Paroz 8d3f88cf16 Show a text preview instead of a bitmap preview of text
+ fix the preview height
2015-04-23 18:19:07 +02:00
Bjoern Schiessle 2646bccb83 update share keys if file gets copied 2015-04-23 17:18:48 +02:00
Bjoern Schiessle 2990b0e07e update share keys if a file is moved to a shared folder 2015-04-23 17:18:48 +02:00
Thomas Müller b1bb6a3d36 Ignore test folders when checking the code for compliance 2015-04-23 16:59:26 +02:00
Lukas Reschke ab9ea97d3a Catch not existing User-Agent header
In case of a not sent UA header consider the client as valid
2015-04-23 16:33:51 +02:00
Vincent Petry a672e9d556 Merge pull request #15814 from owncloud/public-reshare-webdav
Fix webdav access for public reshare
2015-04-23 15:28:10 +02:00
Lukas Reschke 155ae44bc6 Fix collision on temporary files + adjust permissions
This changeset hardens the temporary file and directory creation to address multiple problems that may lead to exposure of files to other users, data loss or other unexpected behaviour that is impossible to debug.

**[CWE-668: Exposure of Resource to Wrong Sphere](https://cwe.mitre.org/data/definitions/668.html)**
The temporary file and folder handling as implemented in ownCloud is performed using an MD5 hash over `time()` concatenated with `rand()`. This is insufficient and leads to the following security problems:
The generated filename could already be used by another user. It is not verified whether the file is already used and thus temporary files might be used for another user as well resulting in all possible stuff such as "user has file of other user".

Effectively this leaves us with:

1. A timestamp based on seconds (no entropy at all)
2. `rand()` which returns usually a number between 0 and 2,147,483,647

Considering the birthday paradox and that we use this method quite often (especially when handling external storage) this is quite error prone and needs to get addressed.

This behaviour has been fixed by using `tempnam` instead for single temporary files. For creating temporary directories an additional postfix will be appended, the solution is for directories still not absolutely bulletproof but the best I can think about at the moment. Improvement suggestions are welcome.

**[CWE-378: Creation of Temporary File With Insecure Permissions](https://cwe.mitre.org/data/definitions/378.html)**

Files were created using `touch()` which defaults to a permission of 0644. Thus other users on the machine may read potentially sensitive information as `/tmp/` is world-readable. However, ownCloud always encourages users to use a dedicated machine to run the ownCloud instance and thus this is not a high severity issue. Permissions have been adjusted to 0600.

**[CWE-379: Creation of Temporary File in Directory with Incorrect Permissions](https://cwe.mitre.org/data/definitions/379.html)**

Files were created using `mkdir()` which defaults to a permission of 0777. Thus other users on the machine may read potentially sensitive information as `/tmp/` is world-readable. However, ownCloud always encourages users to use a dedicated machine to run the ownCloud instance and thus this is not a high severity issue. Permissions have been adjusted to 0700. Please enter the commit message for your changes.
2015-04-23 15:07:54 +02:00
Thomas Müller d1ef96dc9b Merge pull request #15828 from owncloud/smb-1.0.1
update icewind/smb to 1.0.1
2015-04-23 14:48:25 +02:00
Thomas Müller 3b1a3cc27b Merge pull request #15831 from owncloud/enc2-unittestcleanuptmpfile
Delete temp files after testing encryption stream wrapper
2015-04-23 14:43:22 +02:00
Thomas Müller 6d3f120d23 Merge pull request #15617 from mmattel/getenv_system_check_and_warning
Checks if getenv returns proper system environment variable results
2015-04-23 14:42:58 +02:00
Thomas Müller 8997d2f0d1 Merge pull request #15830 from owncloud/enc2-ajaxstatuswhenloggedin
Only get encryption status when logged in
2015-04-23 14:41:06 +02:00
Robin Appelman 7a3a8e4032 fix subfolder reshares over webdav 2015-04-23 13:42:51 +02:00
Vincent Petry b88d0ba0ac Delete temp files after testing encryption stream wrapper 2015-04-23 13:42:18 +02:00
Vincent Petry cc3bc6345b Only get encryption status when logged in
This removes useless warnings in the logs.
2015-04-23 13:06:00 +02:00
Joas Schilling cb641b4c29 Fix file names 2015-04-23 12:53:01 +02:00
Joas Schilling cfa23e60d3 Add tests for occ user:lastseen 2015-04-23 12:41:06 +02:00
Joas Schilling eec92a16d6 Unify the output of the user commands and use DI 2015-04-23 12:40:13 +02:00
Joas Schilling bb5b6e5f63 Add unit tests for occ user:delete 2015-04-23 12:33:12 +02:00
Joas Schilling 07627084e4 Check if the user exists before trying to delete him 2015-04-23 12:32:46 +02:00
root 35dbef55b5 Checks if getenv returns proper system variable results
Updated texts and changed the variable name to match the query

Updated text + info which path for php config is used

removed the term ownCloud and squashed the commits

Updated text
2015-04-23 10:58:13 +02:00
Jenkins for ownCloud f8f354b351 [tx-robot] updated from transifex 2015-04-23 01:54:51 -04:00
Morris Jobke 37a5b62abb Merge pull request #15639 from rullzer/fix_15368
Reset sharedialog values
2015-04-23 00:18:23 +02:00
Robin Appelman 57f49391dc remove unneeded readonlycache 2015-04-22 20:07:54 +02:00
Robin Appelman 7eabd96e4c update icewind/smb to 1.0.1 2015-04-22 20:05:38 +02:00
Clark Tomlinson 29168665cb fix messages from settings controller 2015-04-22 13:26:06 -04:00
Clark Tomlinson e3ec1a8bb8 remove statuses and adjust js 2015-04-22 11:07:56 -04:00
Clark Tomlinson 1747117edf destupify tests 2015-04-22 10:46:56 -04:00
Clark Tomlinson c81bc152d7 fixing return values and adding tests 2015-04-22 10:46:55 -04:00
Robin Appelman 2adb79c794 resolve reshares in public webdav 2015-04-22 16:19:52 +02:00
Thomas Müller 750f0bc489 Merge pull request #15799 from owncloud/fix-enc-folder-move
Fix enc folder move
2015-04-22 16:04:29 +02:00
Robin Appelman 03b7f1d015 use the permissions mask cache wrapper instead of the read only cache 2015-04-22 15:28:06 +02:00
Morris Jobke 42d9ba0f83 Merge pull request #15787 from owncloud/trash-partfiles
Do not trash part files, delete directly
2015-04-22 14:10:26 +02:00
Morris Jobke a971fa8a90 Merge pull request #15549 from owncloud/jcf-fix-cache-update
don't update identical values
2015-04-22 13:34:08 +02:00
Martin 676e86b314 Improve error message text for app upgrade try (#15375) 2015-04-22 13:24:11 +02:00
Thomas Müller 0042bdd2e7 fix PHPDoc 2015-04-22 13:12:52 +02:00
Thomas Müller 225cde2183 pass KeyStorage via ctor 2015-04-22 13:09:42 +02:00
Thomas Müller 987bc138df calling renameKeys() on directory level as well - fixes #15778 2015-04-22 12:12:27 +02:00
Thomas Müller fc4127dd62 add $encryptionModuleId to methods of Keys/IStorage 2015-04-22 11:53:05 +02:00
Björn Schießle 570718fb6b Merge pull request #15757 from owncloud/enc-fixfeofforlastblock
Fix encryption feof to not return too early
2015-04-22 11:32:21 +02:00
Jenkins for ownCloud d7bdf60559 [tx-robot] updated from transifex 2015-04-22 01:55:38 -04:00